Safelight Security Advisors » In the News

Safelight Challenges RSA Conference Participants to Cultivate a Security Culture Within their Organizations

Rob Cheyne, Safelight CEO — Wed, 22 Feb 2012 19:48:50 +0000

PROVIDENCE, R.I. (February 22, 2012) – Safelight, a leader in security education, will host a series of Security Mindset Challenges at the RSA Conference 2012, Booth # 1655, designed to highlight the people side of information risk and help organizations transform their security cultures from a singular focus on technology to one where people and processes are their strongest line of defense.

“When people adopt a security mindset and are educated on how to protect valuable information on a daily basis, they can become your most valuable security asset,” said Safelight CEO Rob Cheyne. “Security education programs need to address the people and process side of information risk so that organizations aren’t relying solely on technology.”

Safelight’s Security Mindset Challenges will focus on some of the most pressing people security issues that organizations face. These include training the development team in secure coding practices and educating employees on how to avoid common techniques used by hackers to gain access to proprietary data and systems.

In the first Security Mindset Challenge – Breaking The Bank – attackers can leverage web vulnerabilities including SQL injection and cross-site scripting, to log on as an administrator compromising the bank’s security perimeter and gaining unfettered access to systems and applications.

During The Break-In, people can choose from various social engineering techniques, such as piggybacking off an employee badge to walk through a door or pretending to be an electrician who is working in the building, to gain unauthorized access to a facility or restricted areas.

To play the Email Defender challenge, participants will decide among “good” and “bad” emails in their Inbox and receive points for actions they take including opening good ones versus bad ones, and not clicking on links or attachments.

RSA Conference 2012 attendees are invited to participant in all of the challenges at Safelight’s booth, February 27-March 2, 2012, in San Francisco, Calif. Complete any of the challenges and be entered into a drawing for a MacBook Air or Pwnie Express PwnPhone. After completing any challenge, participants will also receive tokens they can give out to other attendees. For each of their chips that is returned to the Safelight booth, they receive an additional chance to win one of the prizes.

To learn specific strategies that can be used to effectively integrate security across the organization, attend Rob Cheyne’s talk at the RSA Conference 2012 on “Cultivating a Culture of Security, Wednesday, February 29 at 12:30 p.m. in the Briefing Center. To learn how to instill a security mindset in every employee, download Safelight’s “Security Mindset” white paper at www.safelightsecurity.com/rsa2012/.

Cheyne will also be presenting “Cube Talk: Learn to Learn by Speed-Solving the Rubik’s Cube,” at the Safelight booth, where he will demonstrate how people learn and how these lessons can be applied to teaching people security. To learn more about Safelight’s on-demand and instructor-led courses for general staff, development teams and IT staff visit the company’s Education Programs page. Organizations can receive their custom blueprint for building an education program that matches the organization’s risk profile by accessing Safelight’s interactive Security Education Blueprint tool.

About Safelight
Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We help organizations build comprehensive education programs that go beyond training to measurably shift the way employees think about the value of information and their role in protecting it. We offer a full range of instructor-led and on-demand courses for development, IT and general staff; each role-specific course is part of a larger program designed to cultivate a culture of security across the organization. Learn more at www.safelightsecurity.com.

Dr. Dobb’s: Safelight Sends C/C++ Coders Back to Security School

Lisa Parcella — Wed, 29 Jun 2011 14:12:38 +0000

Coverage of Safelight’s newest on-demand course for developers, Secure C/C++ Coding, released on June 20.

Full Story

Security Wire Weekly: Security Awareness Training Begins with Risk Assessment

Kim Novino — Thu, 31 Mar 2011 17:21:40 +0000

Security expert Rob Cheyne, CEO of Safelight Security Advisors, explains how organizations can get started with security training programs. Cheyne said a good first step is a risk assessment.

Full Story

SearchSecurity.com: Industry groups, businesses attempt security awareness training plan

Kim Novino — Thu, 31 Mar 2011 17:21:12 +0000

Security awareness training is a growing movement, according to experts and analysts. Failed audits, data breaches and other factors that put intellectual property and other sensitive data at risk has forced companies to try and instill security into its employees, said Rob Cheyne, founder and CEO of Providence, R.I.-based Safelight Security Advisors.

Full Story

eSecurity Planet: Safelight Intros Security Education Blueprint

Kim Novino — Mon, 14 Feb 2011 16:25:40 +0000

Safelight has announced the availability of its Security Education Blueprint, a tool designed to help companies develop a security education program that matches their employees’ needs.

Full Story

InfoSecurity: Safelight shines light on security gaps, offers training strategies

Kim Novino — Mon, 14 Feb 2011 16:24:53 +0000

(10 February 2011)

Safelight is releasing its security education blueprint, an interactive tool that enables organizations to assess the information security needs of their personnel and develop an appropriate security educational program based on that assessment.

Full Story

SearchSecurity.com: Computer security awareness training could prevent some data loss, experts say

Lisa Parcella — Wed, 08 Dec 2010 16:52:59 +0000

Safelight CEO Rob Cheyne discusses the role enterprise end users play in data security, underscoring the need for security awareness programs that reach all employees.

Full story.

Threatpost: Rob Cheyne on Security Education and the Problem of People in Security

Lisa Parcella — Thu, 08 Jul 2010 16:25:59 +0000

Safelight CEO Rob Cheyne talks with Threatpost’s Dennis Fisher about why security is every employee’s responsibility and how companies can shift the way they communicate with users about the value of information and their role in protecting it.

Listen to the podcast.

TechNewsWorld: Rob Cheyne on Ridding the Web of the XSS Scourge

Kim Novino — Fri, 30 Oct 2009 15:16:24 +0000

While many developers have heard of the common attacks such as SQL injection and cross-site scripting, most have not actually seen the attacks fully exploited. “Until people see the repercussions they are not inclined to go back into their code and clean up the issues, which leads to the state we’re in today,” said Rob Cheyne, CEO, Safelight Security Advisors.

The application security classes Rob teaches and Safelight’s online learning courses feature training that shows developers what they’re really up against when it comes to these types of attacks.

View Safelight’s cross-site scripting and SQL injections demonstrations on YouTube here.

Full Story

CSTechCast: Rob Cheyne on Why Secure Code is Lacking

Kim Novino — Mon, 21 Sep 2009 18:43:55 +0000

Rob Cheyne talks to CSTechCast about why secure code is lacking, and what can be done about it. What are some of the common mistakes developers make, the biggest security misconceptions and how best to balance business and IT security requirements? Listen to the podcast.